WTF Forms
wtf.py
from flask import Flask
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, SubmitField

app = Flask(__name__)
# Flask-WTF needs a secret key to sign the CSRF token it puts in the form
app.config["SECRET_KEY"] = "12345678"

# Form class: each attribute becomes an input field in the rendered form
class register(FlaskForm):
    username = StringField("用户名:", render_kw={"placeholder": "占位符"})
    password = PasswordField("密码:")
    password2 = PasswordField("确认密码:")
    submit = SubmitField("提交")
from flask import Flask, render_template
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, SubmitField

app = Flask(__name__)
# required: FlaskForm raises an error at instantiation without a secret key
app.config["SECRET_KEY"] = "12345678"

class register(FlaskForm):
    username = StringField("用户名:", render_kw={'placeholder': "我是占位符"})
    password = PasswordField("密码:")
    password2 = PasswordField("确认密码")
    submit = SubmitField("注册")

@app.route("/", methods=["POST", "GET"])
def index():
    # the form object is passed to the template, which renders its fields
    registerform = register()
    return render_template("demo4_template.html", form=registerform)

if __name__ == '__main__':
    app.run()
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
{# <form method="post">#}
{# <label>Username:</label><input type="text" name="username" placeholder="Enter username"><br/>#}
{# <label>Password:</label><input type="password" name="password" placeholder="Enter password"><br/>#}
{# <label>Confirm password:</label><input type="password" name="password2" placeholder="Re-enter password"><br/>#}
{# <input type="submit" value="Register">#}
{#</form>#}
<br/>
<br/>
<br/>
<form method="post">
    {# hidden field carrying the CSRF token that Flask-WTF checks on submit #}
    {{ form.csrf_token }}
    {{ form.username.label }}{{ form.username }}<br/>
    {{ form.password.label }}{{ form.password }}<br/>
    {{ form.password2.label }}{{ form.password2 }}<br/>
    {{ form.submit }}
</form>
</body>
</html>
CSRF
- When the client requests the page from the backend, the backend sets a csrf_token value in the cookie of the response
- A hidden field is added to the form whose value is also the csrf_token
- When the user clicks submit, both values are sent along with the request to the backend
- When the backend receives the request, it does the following:
  - takes the csrf_token out of the cookie
  - takes the hidden csrf_token value out of the form data
  - compares the two
- If the two values are identical, the request is legitimate; if either value is missing or they differ, the request is not legitimate and the next step is not executed
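The four steps above, carried through as an added example (not Flask-WTF's own implementation, which keeps its token in the session): the cookie and the hidden field are simulated as plain dicts, and the names csrf_ok, issue_token, render_page and handle_register are assumptions for this illustration.

```python
import hmac
import secrets
from typing import Optional

# assumed names for the cookie and the hidden form field
COOKIE_NAME = "csrf_token"
FIELD_NAME = "csrf_token"


def issue_token() -> str:
    """Step 1: mint a random token when the page is requested."""
    return secrets.token_urlsafe(32)


def render_page(token: str) -> dict:
    """Steps 1-2: the GET response sets the cookie and embeds the same
    token in a hidden field (what {{ form.csrf_token }} renders)."""
    hidden = f'<input type="hidden" name="{FIELD_NAME}" value="{token}">'
    return {"set_cookie": {COOKIE_NAME: token}, "body": hidden}


def csrf_ok(cookies: dict, form: dict) -> bool:
    """Step 4: take the token from the cookie and from the form data,
    compare them, and reject if either is missing or they differ."""
    cookie_token: Optional[str] = cookies.get(COOKIE_NAME)
    form_token: Optional[str] = form.get(FIELD_NAME)
    if not cookie_token or not form_token:
        return False
    # constant-time comparison so timing does not reveal matching prefixes
    return hmac.compare_digest(cookie_token, form_token)


def handle_register(cookies: dict, form: dict) -> str:
    """The protected POST handler: the action runs only when the check passes."""
    if not csrf_ok(cookies, form):
        return "rejected"
    return f"registered {form.get('username', '')}"
```

A request from a page on another site carries the cookie automatically but cannot fill in the hidden field, so the comparison fails and the handler stops before registering.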